forked from p15670423/monkey
Agent: Change credential collectors, payloads and pbas in flat config
Flat config changes are made in order for config object to be serializable
This commit is contained in:
parent
b99ad70774
commit
d393a0b3c6
|
@ -357,6 +357,7 @@ class ConfigService:
|
|||
ConfigService._format_payloads_from_flat_config(config)
|
||||
ConfigService._format_pbas_from_flat_config(config)
|
||||
ConfigService._format_propagation_from_flat_config(config)
|
||||
ConfigService._format_credential_collectors(config)
|
||||
|
||||
# Ok, I'll admit this is just sort of jammed in here. But this code is going away very soon.
|
||||
del config["HTTP_PORTS"]
|
||||
|
@ -376,9 +377,18 @@ class ConfigService:
|
|||
for field in fields_to_remove:
|
||||
config.pop(field, None)
|
||||
|
||||
@staticmethod
|
||||
def _format_credential_collectors(config: Dict):
|
||||
collectors = [
|
||||
{"name": collector, "options": {}} for collector in config["credential_collectors"]
|
||||
]
|
||||
config["credential_collectors"] = collectors
|
||||
|
||||
@staticmethod
|
||||
def _format_payloads_from_flat_config(config: Dict):
|
||||
config.setdefault("payloads", {})["ransomware"] = config["ransomware"]
|
||||
config.setdefault("payloads", []).append(
|
||||
{"name": "ransomware", "options": config["ransomware"]}
|
||||
)
|
||||
config.pop("ransomware", None)
|
||||
|
||||
@staticmethod
|
||||
|
@ -388,9 +398,9 @@ class ConfigService:
|
|||
flat_windows_command_field = "custom_PBA_windows_cmd"
|
||||
flat_windows_filename_field = "PBA_windows_filename"
|
||||
|
||||
formatted_pbas_config = {}
|
||||
for pba in config.get("post_breach_actions", []):
|
||||
formatted_pbas_config[pba] = {}
|
||||
formatted_pbas_config = [
|
||||
{"name": pba, "options": {}} for pba in config.get("post_breach_actions", [])
|
||||
]
|
||||
|
||||
config["custom_pbas"] = {
|
||||
"linux_command": config.get(flat_linux_command_field, ""),
|
||||
|
|
|
@ -27,6 +27,7 @@
|
|||
"private_key": "my_private_key"
|
||||
}
|
||||
],
|
||||
"credential_collectors": ["MimikatzCollector", "SSHCollector"],
|
||||
"exploit_user_list": [
|
||||
"Administrator",
|
||||
"root",
|
||||
|
|
|
@ -25,7 +25,6 @@ def test_format_config_for_agent__credentials_removed():
|
|||
|
||||
def test_format_config_for_agent__ransomware_payload():
|
||||
expected_ransomware_options = {
|
||||
"ransomware": {
|
||||
"encryption": {
|
||||
"enabled": True,
|
||||
"directories": {
|
||||
|
@ -35,24 +34,24 @@ def test_format_config_for_agent__ransomware_payload():
|
|||
},
|
||||
"other_behaviors": {"readme": True},
|
||||
}
|
||||
}
|
||||
|
||||
flat_monkey_config = ConfigService.format_flat_config_for_agent()
|
||||
|
||||
assert "payloads" in flat_monkey_config
|
||||
assert flat_monkey_config["payloads"] == expected_ransomware_options
|
||||
assert flat_monkey_config["payloads"][0]["name"] == "ransomware"
|
||||
assert flat_monkey_config["payloads"][0]["options"] == expected_ransomware_options
|
||||
|
||||
assert "ransomware" not in flat_monkey_config
|
||||
|
||||
|
||||
def test_format_config_for_agent__pbas():
|
||||
expected_pbas_config = {
|
||||
"CommunicateAsBackdoorUser": {},
|
||||
"ModifyShellStartupFiles": {},
|
||||
"ScheduleJobs": {},
|
||||
"Timestomping": {},
|
||||
"AccountDiscovery": {},
|
||||
}
|
||||
expected_pbas_config = [
|
||||
{"name": "CommunicateAsBackdoorUser", "options": {}},
|
||||
{"name": "ModifyShellStartupFiles", "options": {}},
|
||||
{"name": "ScheduleJobs", "options": {}},
|
||||
{"name": "Timestomping", "options": {}},
|
||||
{"name": "AccountDiscovery", "options": {}},
|
||||
]
|
||||
flat_monkey_config = ConfigService.format_flat_config_for_agent()
|
||||
|
||||
assert "post_breach_actions" in flat_monkey_config
|
||||
|
|
Loading…
Reference in New Issue